WO2012003050A1 - Systems and methods for creating customized confidence bands for use in malware detection - Google Patents

Systems and methods for creating customized confidence bands for use in malware detection

Info

Publication number
WO2012003050A1
Authority
WO
WIPO (PCT)
Prior art keywords
portal
executable
computer
executable object
disposition
Prior art date
Application number
PCT/US2011/036562
Other languages
English (en)
Inventor
Joseph Chen
Jamie Jooyoung Park
Original Assignee
Symantec Corporation
Priority date
Filing date
Publication date
Application filed by Symantec Corporation
Priority to EP11722671.2A (patent EP2588984A1)
Priority to CN201180028892.0A (patent CN103109295B)
Priority to JP2013518400A (patent JP5715693B2)
Publication of WO2012003050A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Abstract

A computer-implemented method for creating customized confidence bands for use in malware detection may include 1) identifying a portal for receiving executable content, 2) identifying metadata relating to the portal, 3) analyzing the metadata to determine what risk executable content received via the portal poses, and then 4) creating, based on the analysis, a confidence band to apply during at least one disposition of executable content received via the portal. Various other methods, systems, and computer-readable media are also disclosed.
PCT/US2011/036562 2010-07-02 2011-05-14 Systems and methods for creating customized confidence bands for use in malware detection WO2012003050A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP11722671.2A EP2588984A1 (fr) 2010-07-02 2011-05-14 Systems and methods for creating customized confidence bands for use in malware detection
CN201180028892.0A CN103109295B (zh) 2010-07-02 2011-05-14 Systems and methods for creating customized confidence bands for use in malware detection
JP2013518400A JP5715693B2 (ja) 2010-07-02 2011-05-14 Systems and methods for creating customized confidence bands for use in malware detection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/830,286 2010-07-02
US12/830,286 US8528090B2 (en) 2010-07-02 2010-07-02 Systems and methods for creating customized confidence bands for use in malware detection

Publications (1)

Publication Number Publication Date
WO2012003050A1 2012-01-05

Family

ID=44121261

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/036562 WO2012003050A1 (fr) 2010-07-02 2011-05-14 Systems and methods for creating customized confidence bands for use in malware detection

Country Status (5)

Country Link
US (1) US8528090B2 (fr)
EP (1) EP2588984A1 (fr)
JP (1) JP5715693B2 (fr)
CN (1) CN103109295B (fr)
WO (1) WO2012003050A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013143132A (ja) * 2012-01-10 2013-07-22 Xecure Lab Co Ltd Method for obtaining digital fingerprints of malicious document files
US8528090B2 (en) 2010-07-02 2013-09-03 Symantec Corporation Systems and methods for creating customized confidence bands for use in malware detection
JP2015530678A (ja) * 2012-10-29 2015-10-15 McAfee, Inc. Dynamic quarantining for malware detection
WO2017027103A1 (fr) * 2015-08-11 2017-02-16 Symantec Corporation Systems and methods for detecting unknown vulnerabilities in computing processes

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8832835B1 (en) * 2010-10-28 2014-09-09 Symantec Corporation Detecting and remediating malware dropped by files
WO2013170064A2 (fr) 2012-05-09 2013-11-14 SunStone Information Defense Inc. Methods and apparatus for identifying and removing malicious applications
US9009615B2 (en) 2012-10-17 2015-04-14 Microsoft Technology Licensing, Llc Portal for submitting business metadata for services
CN106295333B (zh) * 2015-05-27 2018-08-17 安一恒通(北京)科技有限公司 Method and system for detecting malicious code
US11941121B2 (en) * 2021-12-28 2024-03-26 Uab 360 It Systems and methods for detecting malware using static and dynamic malware models

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006094228A2 (fr) * 2005-03-02 2006-09-08 Markmonitor, Inc. Implementing trust policies
US20060253581A1 (en) * 2005-05-03 2006-11-09 Dixon Christopher J Indicating website reputations during website manipulation of user information
WO2010002638A2 (fr) * 2008-06-30 2010-01-07 Symantec Corporation Simplified communication of a reputation score for an entity

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4516331B2 (ja) * 2004-03-03 2010-08-04 東芝Itサービス株式会社 Business support device and business support program
US8190540B2 (en) * 2005-01-14 2012-05-29 Ultra-Scan Corporation Multimodal fusion decision logic system for determining whether to accept a specimen
US20070100643A1 (en) * 2005-10-07 2007-05-03 Sap Ag Enterprise integrity modeling
US7845013B2 (en) * 2006-05-30 2010-11-30 International Business Machines Corporation Method and system for protecting the security of an open file in a computing environment
US8424061B2 (en) * 2006-09-12 2013-04-16 International Business Machines Corporation Method, system and program product for authenticating a user seeking to perform an electronic service request
JP2009059160A (ja) * 2007-08-31 2009-03-19 Sony Corp Server device, network system, content discovery notification method, and computer program
US7472420B1 (en) * 2008-04-23 2008-12-30 Kaspersky Lab, Zao Method and system for detection of previously unknown malware components
US8418237B2 (en) * 2009-10-20 2013-04-09 Microsoft Corporation Resource access based on multiple credentials
US8528090B2 (en) 2010-07-02 2013-09-03 Symantec Corporation Systems and methods for creating customized confidence bands for use in malware detection

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006094228A2 (fr) * 2005-03-02 2006-09-08 Markmonitor, Inc. Implementing trust policies
US20060212930A1 (en) * 2005-03-02 2006-09-21 Markmonitor, Inc. Distribution of trust data
US20060253581A1 (en) * 2005-05-03 2006-11-09 Dixon Christopher J Indicating website reputations during website manipulation of user information
WO2010002638A2 (fr) * 2008-06-30 2010-01-07 Symantec Corporation Simplified communication of a reputation score for an entity

Also Published As

Publication number Publication date
JP2013533554A (ja) 2013-08-22
CN103109295B (zh) 2015-09-09
US8528090B2 (en) 2013-09-03
US20120005751A1 (en) 2012-01-05
JP5715693B2 (ja) 2015-05-13
EP2588984A1 (fr) 2013-05-08
CN103109295A (zh) 2013-05-15

Similar Documents

Publication Publication Date Title
US10320818B2 (en) Systems and methods for detecting malicious computing events
US9166997B1 (en) Systems and methods for reducing false positives when using event-correlation graphs to detect attacks on computing systems
US8528090B2 (en) Systems and methods for creating customized confidence bands for use in malware detection
US8739284B1 (en) Systems and methods for blocking and removing internet-traversing malware
US9330258B1 (en) Systems and methods for identifying uniform resource locators that link to potentially malicious resources
US9141790B2 (en) Systems and methods for using event-correlation graphs to detect attacks on computing systems
US9148441B1 (en) Systems and methods for adjusting suspiciousness scores in event-correlation graphs
US9838405B1 (en) Systems and methods for determining types of malware infections on computing devices
US8806641B1 (en) Systems and methods for detecting malware variants
US8769685B1 (en) Systems and methods for using file paths to identify potentially malicious computer files
US9043922B1 (en) Systems and methods for determining malicious-attack exposure levels based on field-data analysis
US9171156B1 (en) Systems and methods for managing malware signatures
US10735468B1 (en) Systems and methods for evaluating security services
US9202050B1 (en) Systems and methods for detecting malicious files
US10366233B1 (en) Systems and methods for trichotomous malware classification
CA2915068C (fr) Systems and methods for controlling application updates
US9104873B1 (en) Systems and methods for determining whether graphics processing units are executing potentially malicious processes
US9385869B1 (en) Systems and methods for trusting digitally signed files in the absence of verifiable signature conditions
US8321940B1 (en) Systems and methods for detecting data-stealing malware
US9332025B1 (en) Systems and methods for detecting suspicious files
US10489587B1 (en) Systems and methods for classifying files as specific types of malware
US9489513B1 (en) Systems and methods for securing computing devices against imposter processes
US9646158B1 (en) Systems and methods for detecting malicious files
US9483643B1 (en) Systems and methods for creating behavioral signatures used to detect malware
US9323924B1 (en) Systems and methods for establishing reputations of files

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201180028892.0

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11722671

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2013518400

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2011722671

Country of ref document: EP